Risk Governance

Responsibilities
About the Company
Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.
Why Join Us
Creation is the core of ByteDance's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible.
Together, we inspire creativity and enrich life - a mission we aim towards achieving every day.
To us, every challenge, no matter how ambiguous, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At ByteDance, we create together and grow together. That's how we drive impact - for ourselves, our company, and the users we serve.
Join us.
About the Team
The Internal Threat Management team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for regular industry benchmarking and working with stakeholders from cross-functional teams to perform regular risk assessments and align risk mitigation strategies. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) and DLP (Data Loss Prevention) platforms within the company.

**Responsibilities**:
**1. Internal Threat Risk Metrics Creation**:

- Develop and define key risk metrics to assess the effectiveness of internal threat detection and mitigation strategies (e.g., number of insider threat incidents, false positives/negatives, response time, and incident resolution).
- Create and maintain KPI (Key Performance Indicators) and KRI (Key Risk Indicators) specifically focused on internal threat risks, such as data exfiltration, privilege misuse, policy violations, and unauthorized access.
- Design and implement frameworks to measure the performance of insider threat programs and related risk management initiatives.

**2. Trend Analysis & Risk Monitoring**:

- Continuously monitor and analyze internal threat data, identifying emerging trends, patterns, and areas of concern related to insider threats (e.g., disgruntled employees, high-risk data access).
- Use historical data to forecast future risk trends and provide actionable insights into potential vulnerabilities or growing threats.
- Analyze incident trends (e.g., types of insider threats, departments at higher risk, or specific systems targeted) and report findings to key stakeholders.

**3. Internal Threat Risk Reporting**:

- Develop and deliver regular risk reports for senior management, providing insights on the status and effectiveness of internal threat programs, key risk indicators, and threat trends.
- Prepare reports and dashboards for internal stakeholders, ensuring that they highlight critical risk areas, emerging threats, and recommended actions for mitigation.
- Collaborate with security, compliance, HR, and other teams to gather necessary data for reporting and ensure the reports meet regulatory and organizational requirements.

**4. Governance Framework for Internal Threat Management**:

- Define and implement a robust risk governance framework that supports internal threat management, ensuring it is aligned with the organization’s overall risk management and compliance strategies.
- Establish and manage processes for risk assessment, control testing, and risk mitigation related to internal threats, ensuring that these processes are effective and aligned with industry best practices.
- Work closely with internal stakeholders to ensure that policies and procedures are properly followed and that risk management processes are integrated across departments.

**5. Collaboration & Stakeholder Engagement**:

- Act as a liaison between internal sub-units, business units, IT, and other security teams to ensure that internal threat governance processes are integrated across the organization.
- Engage with senior management to discuss findings from risk metrics, trend analysis, and reporting, and recommend necessary actions to address any identified risk areas.
- Work with HR and legal teams to ensure that internal threat risk governance efforts align with employee rights, data protection regulations, and corporate policies.

**Qualifications**:
**Minimum Qualifications**:

- Bachelor's degree or above, with a preference for majors in Information Security, Computer Science, Information Technology, privacy, risk or a related field. Professional certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.
- Minimum of 5 years of work experience, with at least 3 years of team management experience and a pre